#!/usr/bin/perl

use strict;
use warnings;
use Cwd;


push(@INC, getcwd);
require "subs.pl";

our $logdir = defined $ARGV[0] ? $ARGV[0] : getcwd . "/logs/";
our $access_log = $logdir . "access_log";
our $audit_log = $logdir . "audit_log";


our %connections = ();
our %browsers = ();
our %proxy = ();
our %denied = ();
our %brute_requests = ();
our %users = ();
our %spam = ();
our %codered = ();
our %nimda = ();

our $outfile;
our $fileflag = 0;
our $outfilename = "";

opendir(LOGDIR, $logdir) or die("Enter a readable directory $!");
open ACCESSFILE, "<", $access_log or die "access_log not found at [$access_log]\n\n";
open AUDITFILE, "<", $audit_log or die "audit_log not found at [$audit_log]\n\n";
close(LOGDIR);
close(ACCESSFILE);
close(AUDITFILE);

my $menu = 0;
until ($menu == -1) {
    print_menu();
    chomp(my $in = <STDIN>);

    if ($in == 1) {
        print "\n\nRunning Top 10 IP addresses of remote user. \n" if not $fileflag;
        print $main::outfile localtime() . "  Running Top 10 IP addresses of remote user. \n" 
            if $fileflag;
        Apache::connections(); }
    if ($in == 2) {
        print "\n\nRunning Top 10 User-Agents.\n" if not $fileflag;
        print $main::outfile localtime() . "  Running Top 10 User-Agents.\n" if $fileflag;
        Apache::browsers(); }
    if ($in == 3) {
        print "\n\nRunning Top 10 allow CONNECT proxy connections.\n" if not $fileflag;
        print $main::outfile localtime() . "  Running Top 10 allow CONNECT proxy connections.\n" if $fileflag;
        Apache::proxy_conn(); }
    if ($in == 4) {
        print "\n\nRunning Access Denied by mod_security.\n" if not $fileflag;
        print $main::outfile localtime() . "  Running Access Denied by mod_security.\n" if $fileflag;
        Apache::access_denied(); }
    if ($in == 5) {
        print "\n\nIdentifying Brute Force Authentication attacks.\n" if not $fileflag;
        print $main::outfile localtime() . "  Identifying Brute Force Authentication attacks.\n" if $fileflag;
        Apache::brute(); }
    if ($in == 6) {
        print "\n\nFinding HTTP Basic Authentication.\n" if not $fileflag;
        print $main::outfile localtime() . "  Finding HTTP Basic Authentication.\n" if $fileflag;
        Apache::users(); }
    if ($in == 7) {
        print "\n\nFinding out other malicious activities from audit_log.\n" if not $fileflag;
        print $main::outfile localtime() . "  Finding out other malicious activities from audit_log.\n" if $fileflag;
        Apache::malicious_activity(); }
    if ($in == 8) {
        if (not $fileflag) {
            print "Enter file: ";
            chomp(our $outfilename = <>);
            open $outfile, "+>>", $outfilename or $fileflag = -1;
            if ($fileflag == -1)
            {
                print "Could not open [$outfilename] for write.\n";
                print "Continuing\n";
            }
            else {
                $fileflag = 1;
                print "All choices will now print to file : [$outfilename]\n";
                print $main::outfile "Appended data: [" . localtime() . "]\n";
            }
        }
        else {
            $main::fileflag = 0;
            print "Returning Results to print on STDOUT\n";
        }
    }
    if ($in == 9) {
        exit_menu(); }
}

sub print_menu {
    if (not $main::fileflag){
        print "\n**************** = Menu = ******************\n";
        print " 1. Top 10 IP addresses of remote user. \n";
        print " 2. Top 10 User-Agents.\n";
        print " 3. Top 10 allow CONNECT proxy connections.\n";
        print " 4. Show what was Access Denied by mod_security.\n";
        print " 5. Identify Brute Force Authentication attacks.\n";
        print " 6. Find HTTP Basic Authentication. (Recommended out to file. 8)\n";
        print " 7. Find out other malicious activities from audit_log\n";
        print " 8. Append Results to a file.\n";
        print " 9. Exit\n";
        print "********************************************\n";
        print "CHOICE> ";
    }
    else {
        print "\n**************** = Menu = ******************\n";
        print " 1. Top 10 IP addresses of remote user. \n";
        print " 2. Top 10 User-Agents.\n";
        print " 3. Top 10 allow CONNECT proxy connections.\n";
        print " 4. Show what was Access Denied by mod_security.\n";
        print " 5. Identify Brute Force Authentication attacks.\n";
        print " 6. Find HTTP Basic Authentication.\n";
        print " 7. Find out other malicious activities from audit_log\n";
        print " 8. Print Results to STDOUT.\n";
        print " 9. Exit\n";
        print "********************************************\n";
        print "CHOICE> ";
        
    }
}

sub exit_menu {
        if ($main::outfilename) {close($main::outfile);}
        return $menu = -1;
}

